CVE-2022-50127

low-risk

Published 2025-06-18

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp() In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, internally things like the spin locks are not setup until rxe_qp_init_req(). If an error occures before this point then the unwind will call rxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task() which will oops when trying to access the uninitialized spinlock. Move the spinlock initializations earlier before any failures.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (8)

Patch https://git.kernel.org/stable/c/1a63f24e724f677db1ab21251f4d0011ae0bb5b5

Patch https://git.kernel.org/stable/c/2ceeb04252e621c0b128ecc8fedbca922d11adba

Patch https://git.kernel.org/stable/c/3c838ca6fbdb173102780d7bdf18f2f7d9e30979

Patch https://git.kernel.org/stable/c/3ef491b26c720a87fcfbd78b7dc8eb83d9753fe6

Patch https://git.kernel.org/stable/c/b348e204a53103f51070513a7494da7c62ecbdaa

Patch https://git.kernel.org/stable/c/db924bd8484c76558a4ac4c4b5aeb52e857f0341

Patch https://git.kernel.org/stable/c/f05b7cf02123aaf99db78abfe638efefdbe15555

Patch https://git.kernel.org/stable/c/fd5382c5805c4bcb50fd25b7246247d3f7114733

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal